const AppError = require('../utils/appError')

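/**
 * Role-based authorisation middleware factory.
 *
 * The returned middleware lets the request through only when `req.user.role`
 * is exactly one of the allowed roles; otherwise it forwards a 403 AppError
 * to `next`. It authorises only: `req.user` is read, never set, so whatever
 * populates it has to run earlier in the middleware chain.
 *
 * @param {string|string[]} role Roles allowed to access the route, e.g. ['admin', 'user'].
 *   A single role string is accepted and treated as a one-element list.
 * @returns {function(*, *, *): *} Express-style middleware `(req, res, next)`.
 */
const restrictTo = (role) => {
  // Normalise once, up front. Calling .includes() on a bare string is a
  // substring search, so restrictTo('admin') would otherwise admit a user
  // whose role is '' or 'adm'.
  const allowedRoles = Array.isArray(role) ? role : [role]

  return (req, res, next) => {
    const user = req.user
    const userRole = user == null ? undefined : user.role

    // Fail closed: a request with no user, or a user with no role, is denied
    // with the same 403 instead of throwing a TypeError or matching an
    // undefined entry in the allow-list.
    if (userRole == null || !allowedRoles.includes(userRole)) {
      return next(new AppError('你没有权限进行此操作', 403))
    }

    next()
  }
}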

// Sole export of this module: the restrictTo middleware factory.
// The middleware it returns reads req.user.role, so it belongs after whatever
// middleware sets req.user — it authorises a request, it does not authenticate it.
module.exports = restrictTo
